An issue exists in ebankIT prior to 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ebankit ebankit |